Human Factors Threaten SMB Cybersecurity Efforts

Small and medium-sized businesses may be spending more on cybersecurity, but human factors still pose a significant threat.

A recent LastPass survey of more than 600 business and IT security leaders from companies with fewer than 3,000 employees found that although SMBs have become proactive with security investments, human factors continue to make them vulnerable to attacks by cybercriminals. LastPass is a password manager provider.

The LastPass survey found there was a gap between how SMB leaders were tackling cybersecurity and employee behaviours.

The good news is that SMB executives have increased their attention and investment when it comes to cybersecurity. The LastPass survey found that 90% of IT leaders and 80% of non-IT leaders reported an increased focus on cybersecurity measures over the past year, with 82% of businesses boosting their cybersecurity budgets.

The bad news is there’s a disconnect between executives and their employees. Most executives and IT leaders said they feel confident about their cybersecurity measures, with only 30% of leaders believing their company faces a high risk of cybersecurity threats.

However, among the rank and file, only 78% of non-IT leaders believe employees understand the security expectations of their jobs, the survey found. More troublesome is that 1 out of 5 non-IT leaders admits to circumventing security policies, while 1 in 10 IT security leaders admits to circumventing security policies.

The LastPass survey suggests that despite SMBs' increased investment in cybersecurity, their efforts are being undone by employee behavior. To get the most from their security budget, SMBs need to be mindful of the human factors that make the organization more vulnerable to an attack and subsequent data breach.

Small steps go a long way, and LastPass makes five key recommendations to encourage employee behavior that mitigates human factors that might put the organization at increased risk:

Ramp up cybersecurity education: SMBs should develop clear communication strategies and regular training sessions for all employees so they understand their role in maintaining robust cybersecurity, and every part of the organization must understand and commit to security policies.

Create incentives: SMBs should have stronger incentives for security compliance, balanced by stricter consequences for violations as well as policies for when it’s acceptable to bypass security measures to get work done. A culture of reporting violations must also be fostered.

Embrace threat intelligence: SMB leaders must be able to identify and protect valuable and critical business information and know where the threats are coming from by investing in a threat intelligence-led security program.

Mandate password managers: Password management requires critical attention, according to the survey, so password managers combined with continuous education on password security are essential.

Brace for AI threats: Phishing attacks, cloud vulnerabilities, and the potential for business data loss due to ransomware attacks or malware are getting help from AI, so it’s important to fight fire with fire and adopt AI-driven security tools that provide advanced threat detection and response capabilities.

Cybersecurity is a continuum, and SMBs can’t be complacent even with increased investment. Human factors must be continually addressed through education, policy, and technology adoption.

There are many ways artificial intelligence (AI) and machine learning already impact cybersecurity. You can expect that trend to continue in 2024, both as tools for data protection and as a threat.

Balancing Cybersecurity Innovation Amid Evolving Threat Landscapes

Even as you implement AI and machine learning into your cybersecurity strategy through the adoption of tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM) and Managed Detection and Response (MDR), so are threat actors. They will continue to update and evolve their own methodologies and tools to compromise their targets by applying AI and machine learning to how they use ransomware, malware and deepfakes.

With small and medium-sized businesses just as much at risk as their large enterprise counterparts, SMBs must take advantage of AI and machine learning as much as possible. AI-directed attacks are expected to rise in 2024 in the form of deepfake technologies that make phishing and impersonation more effective, as well as evolving ransomware and malware.

Deepfake social engineering techniques

Deepfake technologies that leverage AI are especially worrisome, as they can create fake content that spurs employees and organizations to work against their best interests. Hackers can use deepfakes to create massive changes with serious financial consequences, including altering stock prices.

Deepfake social engineering techniques will only improve with the use of AI, increasing the likelihood of data breaches through unauthorized access to systems and through more authentic-looking phishing messages that are more personalized and hence more effective.

Countering Cyber Threats and Harnessing Innovation in 2024

If hackers are keen on leveraging AI and machine learning to defeat your cybersecurity, you must be ready to combat them in equal measure – just as AI and machine learning will create new challenges in 2024, they can also help you bolster your cybersecurity. While regulations are being developed to foster ethical use of AI, threat actors are not likely to follow them.

AI will also affect your cyber insurance as your providers will use it to assess your resilience against cyberattacks and adjust your premium payments accordingly. AI presents an opportunity for you to improve your cybersecurity to keep those insurance costs under control.

Conclusion

There’s a lot of doom being predicted around the growing use of AI and machine learning. And while it does pose a risk to your organization and its sensitive data, you can use it to bolster your cybersecurity even as threat actors leverage AI to up the ante. A managed service provider with a focus on security can help you use AI and machine learning to protect your organization as we head into 2024.
